<?php
/*********************************************************************************
* Filename: create_team.php
* 
* This PHP script validates input recieved from the user for creating a team,
* and if the input is valid inserts a new entry into the TEAMS table in the 
* database for the selected league.
*
*
* Author: Caleb Goff
* Date Created: 10/10/2009
**********************************************************************************/

//Include common.php to utilize common functions
include_once 'common.php';
require_once "Mail.php";

//Retrieve variables from HTTP POST
$league_id      = $_REQUEST['leagueId'];
$league_pwd     = $_REQUEST['leaguePwd'];
$team_name   	= $_REQUEST['teamName'];
$team_pwd   	= $_REQUEST['teamPwd'];
$team_email 	= $_REQUEST['teamEmail'];
$team_key   	= $_REQUEST['key'];
$team_question  = $_REQUEST['teamQuestion'];
$team_answer    = $_REQUEST['teamAnswer'];
$upload_image   = $_REQUEST['uploadStatus'];

// Query the database to check the league password against the one provided
$query = "SELECT LEAGUE_PWD FROM LEAGUES WHERE LEAGUE_ID = '$league_id'";
$result = do_query($query, $g_db_name, $g_username);
$row = mysql_fetch_assoc($result);

// If invalid league password provided
if ($row['LEAGUE_PWD'] != $league_pwd)
{
	$retVal = 4;
}

//Query the database to check if that team name exists
//for that league already, and throw an error if it does.
$query  = "SELECT TEAM_NAME, OWNER_EMAIL FROM TEAMS WHERE LEAGUE_ID = $league_id";
$result = do_query($query, $g_db_name, $g_username);

if ($league_id < 1)
	$retVal = 3;

while($row = mysql_fetch_assoc($result)){
	$name = $row['TEAM_NAME'];
	$email = $row['OWNER_EMAIL'];
	
	//Check if the team name already exists in the league
	//and return an error code if necessary.
	if ($name == $team_name){
		$retVal = 1;
		break;
	}

	//Check if the team's email already exists for another
	//team in the league and return an error code if 
	//necessary
	if ($email == $team_email){
		$retVal = 2;
		break;
	}
}

// If no errors have occurred
if ($retVal == 0){
	
	$query = "INSERT INTO TEAMS (TEAM_NAME, TEAM_PWD, OWNER_EMAIL, LEAGUE_ID, QUESTION, ANSWER) 
		      VALUES('$team_name','$team_pwd','$team_email','$league_id','$team_question','$team_answer')";
	do_query($query, $g_db_name, $g_username);

	$query = "SELECT TEAM_ID FROM TEAMS ORDER BY TEAM_ID DESC LIMIT 1";
	$result = do_query($query, $g_db_name, $g_username);
	$row = mysql_fetch_assoc($result);

	$team_id = $row['TEAM_ID'];

	$query = "INSERT INTO VERIFY (TEAM_ID, VERIFY_KEY)
		  VALUES('$team_id','$team_key')";

	do_query($query, $g_db_name, $g_username);

	// Define the body of the team creation notification email
	$body = "Congratulations!\n
		 You have successfully created a Fantasy Broomball team! 
		 We need you to verify your team by following the link below:\n
		 $g_server/team_verification.php?key=$team_key\n
		 If you feel you have recieved this email in error, please delete it. You will not be contacted by us again.\n
		 Good luck!
		 - The Fantasy Broomball Team";

	// Send out the email
	email_message($team_creation_subject,$body,$team_email);

    // If user wants to upload a custom avatar,
    // specify a return value of 99, else it's 0.
    if ($upload_image == "Yes") {
        $retVal = 99;
    } else {
        $retVal = 0;
    }

}

echo $retVal;

?>

